Cybersecurity Final Exam Review (Chapters 12-15)
Which of the following is the definition of continuing professional education (CPE)?
A standard unit of credit that equals 50 minutes of instruction.
________ refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards.
Accredited
Which is Cisco's highest level of certification?
Architect
The regulating agency for the Children's Internet Protection Act is the ________.
FCC
Which regulating agency has oversight for the Children's Internet Protection Act?
FCC
The ________________, enacted as part of the American Recovery and Reinvestment Act of 2009, was designed to promote the widespread adoption and standardization of health information technology.
HITECH Act
The four main credentials of the ________ are Systems Security Certified Practitioner (SSCP®), Certified Information Systems Security Professional (CISSP®), Certified Authorization Professional (CAP®), and Certified Secure Software Lifecycle Professional (CSSLP®).
International Information Systems Security Certification Consortium, Inc. (ISC)2
Which is the highest level of Check Point certification for network security?
CCMA
____________ creates standards that federal agencies use to classify their data and IT systems.
NIST
"There are so many demands on your time, it is often difficult to justify setting aside time to study. Also, you may find that self-study takes more time than you planned." This is a disadvantage to choosing the self-study option that can be labeled ________.
procrastination
The four main areas in NIST SP 800-50 are awareness, training, education, and __________________.
professional development
FISMA requires each federal agency to create an agency-wide information security program that includes training employees, contractors, and any other users of their IT systems. This is referred to as ________.
security awareness training
A master's degree program goes beyond the level of a bachelor's degree program and generally consists of ___________ year(s) of study beyond a bachelor's degree.
two
One type of degree that many institutions offer is the associate's degree. This degree is the most accessible because it generally represents a _________ program.
two-year
The HITECH Act defined a tiered system for assessing the level of each HIPAA privacy violation and, therefore, its penalty. Tier B includes ________.
violations due to reasonable cause, but not "willful neglect"
Tier C violations under the HITECH Act are ________.
violations due to willful neglect that the organization ultimately corrected
Obtaining the coveted CAE/IAE or CAE/R designation means an institution's curriculum and research meet or exceed the standards defined by the _______.
NSA
What name is given to educational institutions that meet specific federal information assurance educational guidelines?
National Centers of Academic Excellence in Information Assurance Education (CAE/IAE)
____________ is a person's right to control the use and disclosure of his or her own personal information.
Privacy
The regulating agency for the Sarbanes-Oxley Act is the ________.
Securities and Exchange Commission
DoD Directive 8570.01 is a voluntary certification requirement and has increased the number of personnel who pursue certifications.
False (DoD Directive 8570.01 is a mandatory certification requirement for the DoD information assurance workforce; it has increased the number of personnel who pursue certifications)
Employers do use certifications to help assess prospects, but the best assessment is the prospect's actual performance.
True
The Infotec Security Certified Program (SCP) certification programs apply mainly to network security topics and are most appropriate for professionals involved in securing network components within the IT infrastructure.
True
The purpose of DoD Directive 8570.01 is to reduce the possibility that unqualified personnel can gain access to secure information.
True
Today, one of the most common methods for identifying what skills a security professional possesses is his or her level of certification.
True
The regulating agency for the Family Educational Rights and Privacy Act is the ________.
U.S. Department of Education
In the legal system, ________ is the act of following laws, rules, and regulations that apply to organizations.
compliance
Information regulated under the Gramm-Leach-Bliley Act is ________.
consumer financial information
An educational program that is generally associated with a college or university that provides formal courses that do not lead to degrees is the definition of ________.
continuing education
The purpose of ________ is to provide formal training courses that lead to a certificate or professional certification and not a degree.
continuing education
Information regulated under the Sarbanes-Oxley Act is ________.
corporate financial information
Health plans, health care clearinghouses, and any health care provider that transmits PHI in electronic form are known as ________ under HIPAA.
covered entities
FERPA allows a special category of personally identifiable information to be disclosed without student consent. A school can do this so long as it has given notice to the student that it will disclose this information. This category of information is called _____________.
directory information
CompTIA's Security+ certification is ________.
the entry-level information security certification of choice for IT professionals
The standard bachelor's degree is a __________ program.
four-year
The ________ is a regulation requiring that covered entities disclose only the amount of protected health information absolutely necessary to carry out a particular function.
minimum necessary rule
With university doctoral programs, completing the degree requirements takes ________.
no standard time frame
What term is used to describe any personally identifiable financial information that a consumer provides to a financial institution?
nonpublic personal information (NPI)
The ____________ concentration from (ISC)2 is the road map for incorporating security into projects, applications, business processes, and all information systems.
CISSP-ISSEP
The ____________ concentration from (ISC)2 contains deeper managerial elements such as project management, risk management, setting up and delivering a security awareness program, and managing a business continuity planning program.
CISSP-ISSMP
What name is given to a document that verifies that a student has completed courses and earned a sufficient score on an assessment?
Certificate of completion
The best fits for (ISC)2's _____________ are personnel responsible for developing and implementing processes used to assess risk and for establishing security requirements.
Certified Authorization Professional
(ISC)2 offers the ________________ credential, which is one of the few credentials that address developing secure software. It evaluates professionals for the knowledge and skills necessary to develop and deploy secure applications.
Certified Secure Software Lifecycle Professional
Generically, this is data that can be used to individually identify a person, including Social Security number, driver's license number, financial account data, and health data.
Personally identifiable information (PII)